Should i encrypt web.config on shared hosting?

Good day all. I've took out some .net hosting with web fusion but are fighting to ge开发者_StackOverflow中文版t answers regarding their security set up.

Specifically i'm used to full trust enviroments as i work for a large utilities company.

Usually i would encrypt some / all of my web.config, this i cannot do on their medium trust IIS7 enviroment, nor will they let me install i RSA key specificically for my application.

So is my configuration file really that safe?, i have fears of someone stealing all my sensitive data from my database using the unencrypted connection string?

You are under a serious delosion thinking encrypting web.config helps. What aou are afraid of mostly is someone breaking into your account, and if I can replace your web application, the fact that the connection string is encrypted sort of is pointless as I HAVE TO HAVE access to the decryption key anyway.

So, I can, under any circumstance, always access the database anyway.

If you use shared hosting then there is an implicit trust realtionship between you and the hosting provider. They are the sys admins and they control the infrastructure and systems that host your application. If the security of your software and data is such that you do not wish to allow a third party to access them then you need to either get a dedicated server or a virtual server. That way you control the system from a security perpsective and their sysadmins cannot access your data so long as it is all encrypted. Encypting the config file on shared hosting is virtually worthless.